help: putty tunneling X11 back through ssh local proxy
I would appreciate feedback on whether what I am doing is sane and
where the operator error might be.
I have box A-home (Win), B-office (Linux) and C-workstation(Linux).
Both A-home and C-workstation have local, DHCP-ed, NAT'ed addresses. B-
office and C-workstation run ssh daemons. From A-home I want to run
cygwin-X and be able to run a single command in addition, that will:
- open a terminal on C-workstation
- enable me to run X commands on C-workstation with display on A-home
- enable me to run vncviewer on A-home for the server on C-workstaton
I set up a straight ssh connection with X11 forwarding to B-office;
works great both for terminal and X11.
I set up a new connection as follows:
- target C-workstation (at default port, i.e. 22)
- X11 forwarding
- tunneling L 25900:C-workstation:5900
- proxied with local command: plink B-office -nc %host:%port
As I understood the docs, the above should set up a tunnel through B-
office to C-workstation by running plink per proxy definition, and
then use it for all other traffic, including login, X11 and VNC.
- login/terminal and VNC work fine, X11 commands on C-workstation
Xlib: unexpected connection setup reply from server, type 108.
<x-command>: unable to open display "localhost:10.0".
- putty log (from the putty term window's system menu) shows:
2008-10-26 03:45:28 Received X11 connect request from 127.0.0.1:57019
2008-10-26 03:45:28 Starting local proxy command: C:\Program Files
\Putty\plink.exe B-office -nc ::1:6000
2008-10-26 03:45:28 Opening X11 forward connection succeeded
2008-10-26 03:45:29 Forwarded X11 connection terminated
Looks to me like after getting the connect request from C-workstation
back to A-home, putty somehow feels compelled to forward it back
through the original proxy with a new tunnel, which looks completely
wrong. Seems like all the traffic should go through the tunnel, that
was created in the first place with the proxy.
- what am I missing?
- how should I be accomplishing my goal?
- last resort; is this a bug in putty?
Re: help: putty tunneling X11 back through ssh local proxy
>I have box A-home (Win), B-office (Linux) and C-workstation(Linux).[/color]
>I set up a new connection as follows:
>- target C-workstation (at default port, i.e. 22)
>- X11 forwarding
>- tunneling L 25900:C-workstation:5900
>- proxied with local command: plink B-office -nc %host:%port[/color]
>2008-10-26 03:45:28 Received X11 connect request from 127.0.0.1:57019
>2008-10-26 03:45:28 Starting local proxy command: C:\Program Files
>\Putty\plink.exe B-office -nc ::1:6000[/color]
What I think is going wrong is that PuTTY is trying to make a proxy
connection to get at the local X server, which is of course the wrong
thing to do.
Normally, it won't use the proxy for connections to localhost for
precisely this sort of reason. However, it looks here as though it's
trying to use the proxy to a localhost address, albeit an unusual one --
"::1" is _IPv6_ localhost.
I haven't dug all the way to the bottom of this, but I have some
suspicions. In particular, I suspect that the efficacy of PuTTY's
"localhost detection" is greatly reduced if local name lookups are
disabled, as they will often be when a proxy is in use; in this case I
suspect PuTTY will in effect simply do a textual comparison against the
string "localhost", which will fail if the hostname to compare is "::1".
I'm not quite sure how your X display host has ended up as "::1" in the
first place, however.
It would be useful to know the state of the following configuration
items in your setup:
- Proxy panel: "Consider proxying local host connections"
(default is unchecked; if you've changed this, then the behaviour is
- Proxy panel: "Do DNS name lookup at proxy end"
(default is "Auto", which is effectively "Yes" for a local proxy)
- X11 panel: "X display location"
(default is blank, which will either use the DISPLAY variable from
the environment -- is that set, and if so what to? -- or failing that
it'll use "localhost:0")
What version of PuTTY, and what version of Windows on A-home?
(In any case, I suspect that putting "::1" in "Exclude Hosts/IPs" will
solve your problem, but it probably shouldn't be necessary, so I'd be
interested to get to the bottom of this.)